This is the staff and board alert item.  Post pointers to items in other
conferences that require staff or board attention here.

30 responses total.

There is an ongoing discussion about modifying how grex stores passwords to
bring grex in line with the operating system's standard conventions in
garage.  I have written all the necessary software to do this, but a
misunderstanding between staff members (and myself for misunderstanding that
there was a misunderstanding - I had assumed there wasn't) has highlighted
to me that important staff members do not regularly read the garage
conference.

The relevant item is #27 in garage (garage:27).

(btw- it would be nice if someone would link this item into the staff
conference.)

I can't even get into the staff conference, as STeve has taken over and 
revoked my privileges.  Why don't we just give STeve SUPER-super user 
privileges?  I thought I had seen it all, in terms of egos, in my 
professional life... now, I am starting to wonder.

   My ego is hardly at stake here.

   You completely ignored the protocols Grex has had for more than
a decade, that deal with root access.  YOU GAVE SOMEONE ROOT ACCESS
WITHOUT TELLING PEOPLE.  Thats bad.  That cross was once a staff 
person does not matter in the slightest: the fact remains, quite
simply, that you used horrid judgement here.  The second problem
with this debacle is changing a major part of the system without
talking in staff, or email to make the changes known such that 
all staff could talk about them!

   It's not my ego we're dealing with.  It is that of a stunningly
bad move on your part.

   The ulist has spooked in it again.  I thought I'd fixed that 
before I left for home but hadn't.

Well, you seem to have a timely opinion about everything...  and I did not 
see your (or anyone else's) objection to the said proposal in the garage 
conference.

Changing the password subsystem is hardly rocket science, and the testing 
has been professional.  I trust Dan's technical competency at least, if not 
more, than yours.  And, his judgement MORE than yours.  

Needless to say this is moving the password subsystem to a more standard 
position, something we never should have departed from.

If you want to hang me, go ahead.  However, you will be losing yet another 
good staff member because of your attitude.  If every decision I (backed 
by the community) makes has to first be OKed by you, I really do not want 
to be on staff.

   You can't expect to make a change like this without TRAWLING for
responses from other staff people, Mic!

   Guess what?  *IF* I were completely against this, and I don't 
really know either way, but the majority of staff said that it was
a good thing, guess what?  I'd go along with it.  When we upgraded
OpenBSD last, I used a version of -current, which I'd used at work
and knew was completely functional and worked excellently.  But
John and Jan were nervous about using -current, and Jan came by
and installed the stock 3.8.  I wasn't happy about that, but I
was in the minority, and so I went along with it.  Probably I
should have talked more about using -current than I did, too.

   So let's be really clear here: it was the method of doing
this that is even more important than the ultimate action itself
would be.

Hey guys, this is the Staff and Board Alert item.  I'm unhappy about this
whole thing myself, but can we can it to another item that's more appropriate
to the discussion?

Here's the relevant policy, adopted by the Board:

Staff Membership - November 16, 1994
------------------------------------
Staff with permanent root access may at its discretion grant specific 
resources to qualified individuals for the purpose of performing work 
that is beneficial to Grex. Examples of such resources would be write 
access to selected directories in order to modify data files or to 
install software. In the the event of an emergency, temporary root 
access may be granted by any permanent root.
Permanent root access, access to the staff conference, and access to the 
"baff" mailing list shall be with the advice and consent of the Board.
-----------------------------------------------------------------------
See http://cyberspace.org/local/grex/policy.html for this and other
policies adopted by the Board.

This policy allows temporary root access to non-staff in an emergency, 
which this was not.  It requires board approval for access to the staff 
conference, which was not obtained.

Regarding #9; Okay, just for the record, the staff conference thing was my
fault; don't blame Mic for it.  I made an assumption there that turned out
to be a poor one.  If you're going to blame someone for that specific part
of it, blame me.

Now, could I respectfully request that, if this discussion is going to go on,
it be taken to a separate item?  The purpose of *this* item is to hopefully
prevent things like this from happening in the future, not to discuss last
night.

Under the circumstances involved, I would be very pleased if we could treat this incident as a series of ultimately harmless mistakes that are useful for understanding what harm might have happened and why the policies that are in place exist.

That being said, let us leave recriminations aside and discuss to the extent necessary the changes cross was making, and if approved, allowing him to go ahead and implement them. I do not feel that either he or mic represent a security threat to the system, and especially now that this has happened, they will probably both be more inclined to be aware of and observe the proper protocols. Let's not waste that learning by refusing either of them the opportunity to exercise it simply for having made mistakes with no discernable harmful impact.

Thank you, Eric.  I appreciate your post.

Yeps.

Firstly, I don't need cross to do my dirty work.  If I was a security 
risk and wanted to hurt Grex, I would have imparted damage directly 
(myself) on the system long before this.

Secondly, I feel I was absolutely within my rights of the role I was 
serving in - as stipulated by the bylaw (which I was well awares of) - to 
do what I did.  

The only area which I could have improved the process, and it is 
debateable, is to discuss the matter explicitly beforehand in the staff 
conference -- but, once again, I suspect that if staff is not reading the 
garage conference they are probably not reading the staff conference 
either!  (and, I don't deal in email, as it's a joke).

Please note: I have created a new item, #363, in this conference for
discussion of the events of last night.  I respectfully request that
discussion of those events move to that item.  I'd really like this one to
stay focused so that it can be a resource for staff and the board.

(Oh: both this item and that 363 are also linked into the agorage conference.)

Re #14: Given that this item went off on its current tangent almost 
immediately with only one "alert" posted, wouldn't it be better to simply 
enter a new "Staff and Board alert item", if you think one is needed?

Yeah, probably.  Then what to do about this one?  I wonder if it's possible
to rename it or something.

(A person with root access can do anything they like.  Really.  When I finish
reading the new items in this conference, I'll invite comments on renaming
items.  I've not yet decided *where* I'll make the invitation, though.)

Mic, my time for reading conferences is *really* limited right now.  Staff is
just below Coop in my list of priorities.  Garage is below agora.  So there
is a counter-example to your suspicion in #13 above.

Regarding #18; Great!  Then could you please make it so that my student loans
are paid off?  :-)

Re #17:  Backtalk (and probably Fronttalk) allows item authors to rename 
items.

Okay.

(I have retitled this item.)

(How many hardware engineers does it take to change a light-bulb, Dan? ;)

I don't know, Joe, but I like this one:

How many DEC field service engineers does it take to change a tire?  5.  One
to hold the tire while the other four hold up the car.

rotfl.

(And of course, the obvious extension: how many does it take to screw in a
lightbulb?  6.  1 to hold the light bulb while four rotate the car underneath
the one holding the lightbulb.  The 6th just stands there with the flat tire
looking perplexed.)

How many DCL coders does it take to normalize a password hash.  *snort*

Heh.

(The answer is, "None; anything can be fixed in software."  So how many
software engineers does it take to change a light bulb?  None; it's a
hardware problem.)

Heh.  :-)

Response not possible - You must register and login before posting.

- Backtalk version 1.3.30 - Copyright 1996-2006, Jan Wolter and Steve Weiss